@auth/core - npm Package Compare versions

Comparing version 0.2.4 to 0.2.5

lib/oauth/authorization-url.js

@@ -11,3 +11,4 @@ import * as o from "oauth4webapi";
     let as;
-    if (!url) {
+    // Falls back to authjs.dev if the user only passed params
+    if (!url || url.host === "authjs.dev") {
         // If url is undefined, we assume that issuer is always defined
@@ -32,6 +33,3 @@ // We check this in assert.ts
         ...provider.authorization?.params,
-    }, // Defaults
-    Object.fromEntries(authParams), // From provider config
-    query // From `signIn` call
-    );
+    }, Object.fromEntries(provider.authorization?.url.searchParams ?? []), query);
     for (const k in params)
@@ -38,0 +36,0 @@ authParams.set(k, params[k]);

lib/oauth/callback.js

@@ -18,3 +18,6 @@ import * as o from "oauth4webapi";
     let as;
-    if (!provider.token?.url && !provider.userinfo?.url) {
+    const { token, userinfo } = provider;
+    // Falls back to authjs.dev if the user only passed params
+    if ((!token?.url || token.url.host === "authjs.dev") &&
+        (!userinfo?.url || userinfo.url.host === "authjs.dev")) {
         // We assume that issuer is always defined as this has been asserted earlier
@@ -33,5 +36,5 @@ // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
         as = {
-            issuer: provider.issuer ?? "https://a",
-            token_endpoint: provider.token?.url.toString(),
-            userinfo_endpoint: provider.userinfo?.url.toString(),
+            issuer: provider.issuer ?? "https://authjs.dev",
+            token_endpoint: token?.url.toString(),
+            userinfo_endpoint: userinfo?.url.toString(),
         };
@@ -89,6 +92,6 @@ }
         }
-        if (provider.userinfo?.request) {
-            profile = await provider.userinfo.request({ tokens, provider });
+        if (userinfo?.request) {
+            profile = await userinfo.request({ tokens, provider });
         }
-        else if (provider.userinfo?.url) {
+        else if (userinfo?.url) {
             const userinfoResponse = await o.userInfoRequest(as, client, tokens.access_token);
@@ -95,0 +98,0 @@ profile = await userinfoResponse.json();

lib/providers.js

@@ -25,5 +25,5 @@ import { merge } from "./utils/merge.js";
 }
+// TODO: Also add discovery here, if some endpoints/config are missing.
+// We should return both a client and authorization server config.
 function normalizeOAuth(c) {
-    if (!c)
-        return {};
     if (c.issuer)
@@ -55,3 +55,3 @@ c.wellKnown ?? (c.wellKnown = `${c.issuer}/.well-known/openid-configuration`);
 function normalizeEndpoint(e, issuer) {
-    if (!e || issuer)
+    if (!e && issuer)
         return;
@@ -61,12 +61,13 @@ if (typeof e === "string") {
     }
-    // If v.url is undefined, it's because the provider config
+    // If e.url is undefined, it's because the provider config
     // assumes that we will use the issuer endpoint.
-    // The existence of either v.url or provider.issuer is checked in
-    // assert.ts
-    // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-    const url = new URL(e.url);
-    // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion
-    for (const k in e.params)
-        url.searchParams.set(k, e.params[k]);
-    return { ...e, url };
+    // The existence of either e.url or provider.issuer is checked in
+    // assert.ts. We fallback to "https://authjs.dev" to be able to pass around
+    // a valid URL even if the user only provided params.
+    // NOTE: This need to be checked when constructing the URL
+    // for the authorization, token and userinfo endpoints.
+    const url = new URL(e?.url ?? "https://authjs.dev");
+    for (const k in e?.params)
+        url.searchParams.set(k, e?.params[k]);
+    return { url, request: e?.request };
 }

lib/routes/callback.js

@@ -5,3 +5,3 @@ import { handleLogin } from "../callback-handler.js";
 import { createHash } from "../web.js";
-import { handleAuthorized } from "./shared.js";
+import { getAdapterUserFromEmail, handleAuthorized } from "./shared.js";
 /** Handle callbacks from login services */
@@ -114,5 +114,6 @@ export async function callback(params) {
             // @ts-expect-error -- Verified in `assertConfig`.
-            const profile = await getAdapterUserFromEmail(identifier, adapter);
+            const user = await getAdapterUserFromEmail(identifier, adapter);
             const account = {
-                providerAccountId: profile.email,
+                providerAccountId: user.email,
+                userId: user.id,
                 type: "email",
@@ -122,17 +123,17 @@ provider: provider.id,
             // Check if user is allowed to sign in
-            const unauthorizedOrError = await handleAuthorized({ user: profile, account }, options);
+            const unauthorizedOrError = await handleAuthorized({ user, account }, options);
             if (unauthorizedOrError)
                 return { ...unauthorizedOrError, cookies };
             // Sign user in
-            const { user, session, isNewUser } = await handleLogin(sessionStore.value, profile, account, options);
+            const { user: loggedInUser, session, isNewUser, } = await handleLogin(sessionStore.value, user, account, options);
             if (useJwtSession) {
                 const defaultToken = {
-                    name: user.name,
-                    email: user.email,
-                    picture: user.image,
-                    sub: user.id?.toString(),
+                    name: loggedInUser.name,
+                    email: loggedInUser.email,
+                    picture: loggedInUser.image,
+                    sub: loggedInUser.id?.toString(),
                 };
                 const token = await callbacks.jwt({
                     token: defaultToken,
-                    user,
+                    user: loggedInUser,
                     account,
@@ -162,3 +163,3 @@ isNewUser,
             }
-            await events.signIn?.({ user, account, isNewUser });
+            await events.signIn?.({ user: loggedInUser, account, isNewUser });
             // Handle first logins on new accounts
@@ -165,0 +166,0 @@ // e.g. option to send users to a new account landing page on initial login

lib/routes/signin.js

@@ -23,3 +23,3 @@ import emailSignin from "../email/signin.js";
                 providerAccountId: email,
-                userId: email,
+                userId: user.id,
                 type: "email",
@@ -26,0 +26,0 @@ provider: provider.id,

package.json

 {
   "name": "@auth/core",
-  "version": "0.2.4",
+  "version": "0.2.5",
   "description": "Authentication for the Web.",
@@ -23,3 +23,3 @@ "keywords": [
     "Lluis Agusti <hi@llu.lu>",
-    "Thang Huu Vu <thvu@hey.com>",
+    "Thang Huu Vu <hi@thvu.dev>",
     "Iain Collins <me@iaincollins.com"
@@ -26,0 +26,0 @@ ],

src/lib/oauth/authorization-url.ts

@@ -25,3 +25,4 @@ import * as o from "oauth4webapi"
 
-  if (!url) {
+  // Falls back to authjs.dev if the user only passed params
+  if (!url || url.host === "authjs.dev") {
     // If url is undefined, we assume that issuer is always defined
@@ -52,5 +53,5 @@ // We check this in assert.ts
       ...provider.authorization?.params,
-    }, // Defaults
-    Object.fromEntries(authParams), // From provider config
-    query // From `signIn` call
+    },
+    Object.fromEntries(provider.authorization?.url.searchParams ?? []),
+    query
   )
@@ -57,0 +58,0 @@

src/lib/oauth/callback.ts

@@ -34,3 +34,8 @@ import * as o from "oauth4webapi"
 
-  if (!provider.token?.url && !provider.userinfo?.url) {
+  const { token, userinfo } = provider
+  // Falls back to authjs.dev if the user only passed params
+  if (
+    (!token?.url || token.url.host === "authjs.dev") &&
+    (!userinfo?.url || userinfo.url.host === "authjs.dev")
+  ) {
     // We assume that issuer is always defined as this has been asserted earlier
@@ -58,5 +63,5 @@ // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
     as = {
-      issuer: provider.issuer ?? "https://a", // TODO: review fallback issuer
-      token_endpoint: provider.token?.url.toString(),
-      userinfo_endpoint: provider.userinfo?.url.toString(),
+      issuer: provider.issuer ?? "https://authjs.dev", // TODO: review fallback issuer
+      token_endpoint: token?.url.toString(),
+      userinfo_endpoint: userinfo?.url.toString(),
     }
@@ -148,5 +153,5 @@ }
 
-    if (provider.userinfo?.request) {
-      profile = await provider.userinfo.request({ tokens, provider })
-    } else if (provider.userinfo?.url) {
+    if (userinfo?.request) {
+      profile = await userinfo.request({ tokens, provider })
+    } else if (userinfo?.url) {
       const userinfoResponse = await o.userInfoRequest(
@@ -153,0 +158,0 @@ as,

src/lib/providers.ts

@@ -48,7 +48,7 @@ import { merge } from "./utils/merge.js"
 
+// TODO: Also add discovery here, if some endpoints/config are missing.
+// We should return both a client and authorization server config.
 function normalizeOAuth(
-  c?: OAuthConfig<any> | OAuthUserConfig<any>
+  c: OAuthConfig<any> | OAuthUserConfig<any>
 ): OAuthConfigInternal<any> | {} {
-  if (!c) return {}
-
   if (c.issuer) c.wellKnown ??= `${c.issuer}/.well-known/openid-configuration`
@@ -88,16 +88,16 @@
 ): OAuthConfigInternal<any>[OAuthEndpointType] {
-  if (!e || issuer) return
+  if (!e && issuer) return
   if (typeof e === "string") {
     return { url: new URL(e) }
   }
-  // If v.url is undefined, it's because the provider config
+  // If e.url is undefined, it's because the provider config
   // assumes that we will use the issuer endpoint.
-  // The existence of either v.url or provider.issuer is checked in
-  // assert.ts
-  // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
-  const url = new URL(e.url!)
-  // eslint-disable-next-line @typescript-eslint/no-unnecessary-type-assertion
-  for (const k in e.params) url.searchParams.set(k, e.params[k] as any)
-
-  return { ...e, url }
+  // The existence of either e.url or provider.issuer is checked in
+  // assert.ts. We fallback to "https://authjs.dev" to be able to pass around
+  // a valid URL even if the user only provided params.
+  // NOTE: This need to be checked when constructing the URL
+  // for the authorization, token and userinfo endpoints.
+  const url = new URL(e?.url ?? "https://authjs.dev")
+  for (const k in e?.params) url.searchParams.set(k, e?.params[k])
+  return { url, request: e?.request }
 }

src/lib/routes/callback.ts

@@ -5,3 +5,3 @@ import { handleLogin } from "../callback-handler.js"
 import { createHash } from "../web.js"
-import { handleAuthorized } from "./shared.js"
+import { getAdapterUserFromEmail, handleAuthorized } from "./shared.js"
 
@@ -14,2 +14,3 @@ import type { AdapterSession } from "../../adapters.js"
   InternalOptions,
+  Account,
 } from "../../types.js"
@@ -177,6 +178,7 @@ import type { Cookie, SessionStore } from "../cookie.js"
       // @ts-expect-error -- Verified in `assertConfig`.
-      const profile = await getAdapterUserFromEmail(identifier, adapter)
+      const user = await getAdapterUserFromEmail(identifier, adapter)
 
-      const account = {
-        providerAccountId: profile.email,
+      const account: Account = {
+        providerAccountId: user.email,
+        userId: user.id,
         type: "email" as const,
@@ -188,3 +190,3 @@ provider: provider.id,
       const unauthorizedOrError = await handleAuthorized(
-        { user: profile, account },
+        { user, account },
         options
@@ -196,19 +198,18 @@ )
       // Sign user in
-      const { user, session, isNewUser } = await handleLogin(
-        sessionStore.value,
-        profile,
-        account,
-        options
-      )
+      const {
+        user: loggedInUser,
+        session,
+        isNewUser,
+      } = await handleLogin(sessionStore.value, user, account, options)
 
       if (useJwtSession) {
         const defaultToken = {
-          name: user.name,
-          email: user.email,
-          picture: user.image,
-          sub: user.id?.toString(),
+          name: loggedInUser.name,
+          email: loggedInUser.email,
+          picture: loggedInUser.image,
+          sub: loggedInUser.id?.toString(),
         }
         const token = await callbacks.jwt({
           token: defaultToken,
-          user,
+          user: loggedInUser,
           account,
@@ -241,3 +242,3 @@ isNewUser,
 
-      await events.signIn?.({ user, account, isNewUser })
+      await events.signIn?.({ user: loggedInUser, account, isNewUser })
 
@@ -244,0 +245,0 @@ // Handle first logins on new accounts

src/lib/routes/signin.ts

@@ -36,3 +36,3 @@ import emailSignin from "../email/signin.js"
         providerAccountId: email,
-        userId: email,
+        userId: user.id,
         type: "email",
@@ -39,0 +39,0 @@ provider: provider.id,

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

653617

increased by0.17%

Lines of code

16938

increased by0.07%

No dependency changes